FUDforum

Kerberos experiences? [message #166333] Wed, 16 November 2011 13:29
max (Junior Member)
I was wondering if anybody has any experience getting FUDForum to authenticate users via Kerberos? A preliminary search didn't turn up much on the forum or on the wiki.

I am open to rolling my own plugin of some sort -- my particular use case involves Kerberos authentication against an LDAP (Active Directory) user database -- but I was wondering first if anybody has already looked at Kerberos integration, or has any thoughts on how easy/hard it would be to implement.

Apparently there is an old phpBB plugin (now unmaintained) for single sign-on via Kerberos/LDAP (http://phpbb.com/community/viewtopic.php?f=70&t=1620325&p=9732515) -- that might be a reasonable place to start, as far as how to implement (ignoring all the phpBB-specific bits).

Re: Kerberos experiences? [message #166447 is a reply to message #166333] Mon, 12 December 2011 19:47
naudefj (Senior Member, Administrator, Core Developer)
We have an LDAP plugin, but I don't think it supports Kerberos.
Have a look and let us know if you can re-use / update it to support Kerberos.

Re: Kerberos experiences? [message #166474 is a reply to message #166333] Sat, 17 December 2011 20:45
ShineOn (Member)
max wrote on Wed, 16 November 2011 12:29
> I was wondering if anybody has any experience getting FUDForum to authenticate users via Kerberos? A preliminary search didn't turn up much on the forum or on the wiki.
>
> I am open to rolling my own plugin of some sort -- my particular use case involves Kerberos authentication against an LDAP (Active Directory) user database -- but I was wondering first if anybody has already looked at Kerberos integration, or has any thoughts on how easy/hard it would be to implement.
>
> Apparently there is an old phpBB plugin (now unmaintained) for single sign-on via Kerberos/LDAP (http://phpbb.com/community/viewtopic.php?f=70&t=1620325&p=9732515) -- that might be a reasonable place to start, as far as how to implement (ignoring all the phpBB-specific bits).

Are you looking to authenticate users against AD, or are you looking for SSO capability, such that AD-authenticated users would automagically be authenticated to FUD using their logged-in identities?

Kerberizing a web application isn't all that simple. LDAP auth is relatively easy, but for the web app to do Kerberos authentication it has to be able to talk to the KDC, so it needs to know the realm and has to be able to find the KDC. It needs a user ID in the realm so that it can handle whatever Kerberos needs for the type of authentication you want to do, whether it's checking to see if a logged-in user has a valid ticket or it's obtaining a TGT so it can grant an auth ticket to the user.

If you're using Linux on the server side, there may be PAM modules that will help. You may need to use nsswitch. If you're using Apache, there is a Kerberos authentication module that you might be able to leverage.

There are a lot of resources out there for how to kerberize a web site. Google is your friend. The trick is to find instructions that specifically speak to using MS Active Directory as the Kerberos KDC and LDAP server. Many will discuss using OpenLDAP and Heimdal or MIT Kerberos 5.

[Updated on: Sat, 17 December 2011 20:59]
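
Added example, not part of the thread and not FUDforum code: when an Apache Kerberos module like the one mentioned above performs the ticket exchange, the PHP side only has to decide whether to trust the principal the server hands over and map it to a forum login. It assumes the module exports the principal in `REMOTE_USER` with `AUTH_TYPE` set to `Negotiate`; `EXAMPLE.COM`, `TRUSTED_REALMS` and `kerberos_login_name()` are hypothetical names.

```php
<?php
// Assumption: the web server's Kerberos (SPNEGO) module has already validated
// the client's ticket and exported "user@REALM" in REMOTE_USER.
// EXAMPLE.COM is a placeholder for the Active Directory realm.
const TRUSTED_REALMS = ['EXAMPLE.COM'];

/**
 * Map a server-authenticated Kerberos principal to a local login name.
 * Returns null when the request should fall back to the normal login form.
 */
function kerberos_login_name(array $server): ?string
{
    // Trust REMOTE_USER only when the server reports that Negotiate set it,
    // not some other auth scheme configured on the same location.
    if (($server['AUTH_TYPE'] ?? '') !== 'Negotiate') {
        return null;
    }
    $principal = $server['REMOTE_USER'] ?? '';

    // Require exactly "user@REALM". The character class excludes '/', so
    // service principals such as HTTP/host@REALM never become forum users.
    // The D modifier stops '$' from matching before a trailing newline.
    if (!preg_match('/^([A-Za-z0-9._-]{1,64})@([A-Za-z0-9.-]{1,255})$/D', $principal, $m)) {
        return null;
    }
    [, $user, $realm] = $m;

    // Realm names are case-sensitive. A principal from any realm outside the
    // allow-list (for example one reachable through a cross-realm trust) is
    // refused rather than stripped to a bare user name.
    if (!in_array($realm, TRUSTED_REALMS, true)) {
        return null;
    }

    // AD account names are case-insensitive; normalise so one person always
    // maps to the same forum account.
    return strtolower($user);
}

// Constructed sample requests (not captured from a real server).
$samples = [
    ['AUTH_TYPE' => 'Negotiate', 'REMOTE_USER' => 'JSmith@EXAMPLE.COM'],    // trusted realm
    ['AUTH_TYPE' => 'Negotiate', 'REMOTE_USER' => 'jsmith@OTHER.EXAMPLE'],  // untrusted realm
    ['AUTH_TYPE' => 'Basic',     'REMOTE_USER' => 'jsmith@EXAMPLE.COM'],    // not Negotiate
    ['AUTH_TYPE' => 'Negotiate', 'REMOTE_USER' => 'HTTP/web@EXAMPLE.COM'],  // service principal
];
foreach ($samples as $s) {
    var_dump(kerberos_login_name($s));
}
```

Read the value only from the server-populated `REMOTE_USER`, never from a request header, since headers are client-controlled.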
